EP4531349A3 - Securing containerized applications - Google Patents
- Publication number
- EP4531349A3 (application EP25158401.7A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- securing
- containerized applications
- application container
- security entity
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US17/334,485 US11477165B1 (en) | 2021-05-28 | 2021-05-28 | Securing containerized applications |
| EP22811988.9A EP4352919B1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
| PCT/US2022/030734 WO2022251220A1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
Related Parent Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP22811988.9A Division EP4352919B1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
| EP22811988.9A Division-Into EP4352919B1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP4531349A2 (fr) | 2025-04-02 |
| EP4531349A3 (fr) | 2025-06-18 |
Family
ID=83603570
Family Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP22811988.9A Active EP4352919B1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
| EP25158401.7A Pending EP4531349A3 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
Family Applications Before (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP22811988.9A Active EP4352919B1 (fr) | 2021-05-28 | 2022-05-24 | Securing containerized applications |
Country Status (6)
| Country | Link |
|---|---|
| US (2) | US11477165B1 (fr) |
| EP (2) | EP4352919B1 (fr) |
| JP (1) | JP7503219B2 (fr) |
| KR (2) | KR102817266B1 (fr) |
| CN (1) | CN117378174A (fr) |
| WO (1) | WO2022251220A1 (fr) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20220303295A1 (en) * | 2017-11-27 | 2022-09-22 | Lacework, Inc. | Annotating changes in software across computing environments |
| US11689505B2 (en) * | 2021-06-28 | 2023-06-27 | Cisco Technology, Inc. | Dynamic proxy response from application container |
| US11847611B2 (en) * | 2021-07-23 | 2023-12-19 | Dell Products, L.P. | Orchestrating and automating product deployment flow and lifecycle management |
| US11960918B2 (en) | 2021-07-23 | 2024-04-16 | Dell Products L.P. | Creating product orchestration engines |
| US12032855B2 (en) | 2021-08-06 | 2024-07-09 | Commvault Systems, Inc. | Using an application orchestrator computing environment for automatically scaled deployment of data protection resources needed for data in a production cluster distinct from the application orchestrator or in another application orchestrator computing environment |
| US12254099B2 (en) * | 2021-08-09 | 2025-03-18 | International Business Machines Corporation | Autoencryption system for data in a container |
| US12068914B2 (en) * | 2022-03-11 | 2024-08-20 | Parallel Wireless, Inc. | SCTP micro-service high availability in public/private cloud |
| EP4505336A4 (fr) * | 2022-04-07 | 2025-09-24 | Entrust Corp | Secure dynamic configuration update in a containerized execution environment |
| US12135618B2 (en) * | 2022-07-11 | 2024-11-05 | Commvault Systems, Inc. | Protecting configuration data in a clustered container system |
| US20240037229A1 (en) * | 2022-07-28 | 2024-02-01 | Pure Storage, Inc. | Monitoring for Security Threats in a Container System |
| US12273442B2 (en) * | 2022-08-17 | 2025-04-08 | Saudi Arabian Oil Company | Automating the creation and maintenance of containerized applications' custom routes and associated SSL certificates |
| US20240179122A1 (en) * | 2022-11-30 | 2024-05-30 | Lockheed Martin Corporation | Method and system for managing traffic packets |
| US20240273187A1 (en) * | 2023-02-13 | 2024-08-15 | Cisco Technology, Inc. | Systems and methods for extracting and processing auditable metadata |
| US12363042B2 (en) | 2023-06-30 | 2025-07-15 | Oracle International Corporation | Egress traffic policy enforcement at target service |
| US12052172B1 (en) | 2023-06-30 | 2024-07-30 | Oracle International Corporation | Egress traffic policy enforcement at target service on traffic from service tenancy |
| US12395532B2 (en) * | 2023-06-30 | 2025-08-19 | Oracle International Corporation | Egress traffic policy enforcement at target service on traffic from customer network |
| US20250028628A1 (en) * | 2023-07-21 | 2025-01-23 | VMware LLC | Automated debugging of kubernetes application |
| CN117081959B (zh) * | 2023-10-17 | 2023-12-22 | 明阳产业技术研究院(沈阳)有限公司 | Network connectivity monitoring and recovery method, system, medium and device |
| US12411973B2 (en) * | 2023-11-08 | 2025-09-09 | Bank Of America Corporation | System and method for enhanced encryption orchestration and application integration framework |
Family Cites Families (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040193943A1 (en) | 2003-02-13 | 2004-09-30 | Robert Angelino | Multiparameter network fault detection system using probabilistic and aggregation analysis |
| US8612612B1 (en) | 2011-09-28 | 2013-12-17 | Juniper Networks, Inc. | Dynamic policy control for application flow processing in a network device |
| US9858157B2 (en) * | 2012-10-31 | 2018-01-02 | International Business Machines Corporation | Intelligent restore-container service offering for backup validation testing and business resiliency |
| US20160149863A1 (en) * | 2013-06-25 | 2016-05-26 | Ditno. Pty Ltd | Method and system for managing a host-based firewall |
| US20160342801A1 (en) * | 2014-06-25 | 2016-11-24 | defend7, Inc. | Containerized security as a service |
| TW201728124A (zh) | 2014-09-16 | 2017-08-01 | 科勞簡尼克斯股份有限公司 | Network control, operation and management based on a flexibly defined communication network controller |
| US10027637B2 (en) | 2015-03-12 | 2018-07-17 | Vormetric, Inc. | Secure and control data migrating between enterprise and cloud services |
| US10616279B2 (en) * | 2016-08-30 | 2020-04-07 | Nicira, Inc. | Adaptable network event monitoring configuration in datacenters |
| US20190394170A1 (en) | 2017-02-27 | 2019-12-26 | Alireza Shameli-Sendi | Firewall rule set composition and decomposition |
| US11140455B1 (en) * | 2017-06-09 | 2021-10-05 | Amazon Technologies, Inc. | Video encoder network sandboxing |
| US10481897B2 (en) * | 2017-07-04 | 2019-11-19 | Vmware, Inc. | System and method for resilient software upgrades in a virtual datacenter |
| US10652942B2 (en) | 2017-08-14 | 2020-05-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and device for network initiated packet data unit, PDU, session establishment in a telecommunication network |
| US10887346B2 (en) | 2017-08-31 | 2021-01-05 | International Business Machines Corporation | Application-level sandboxing |
| CN107959614B (zh) | 2017-10-30 | 2020-11-10 | 广东睿江云计算股份有限公司 | Multi-tenant custom networking method and system based on network namespaces |
| US10887944B2 (en) | 2018-08-20 | 2021-01-05 | Telefonaktiebolaget Lm Ericsson (Publ) | User plane function control of control plane-user plane separation |
| US10462653B1 (en) | 2018-09-27 | 2019-10-29 | Palo Alto Networks, Inc. | Service-based security per data network name in mobile networks |
| EP3644206A1 (fr) * | 2018-10-22 | 2020-04-29 | Koninklijke Philips N.V. | Container builder for individualized network services |
| US11159487B2 (en) * | 2019-02-26 | 2021-10-26 | Juniper Networks, Inc. | Automatic configuration of perimeter firewalls based on security group information of SDN virtual firewalls |
| US11088952B2 (en) | 2019-06-12 | 2021-08-10 | Juniper Networks, Inc. | Network traffic control based on application path |
| US12160437B2 (en) | 2022-02-14 | 2024-12-03 | Mellanox Technologies, Ltd. | Malicious domain generation algorithm (DGA) detection in memory of a data processing unit using machine learning detection models |
2021
- 2021-05-28: US application US17/334,485, patent US11477165B1, status Active

2022
- 2022-05-24: KR application KR1020247036973A, patent KR102817266B1, status Active
- 2022-05-24: EP application EP22811988.9A, patent EP4352919B1, status Active
- 2022-05-24: WO application PCT/US2022/030734, patent WO2022251220A1, status Ceased
- 2022-05-24: CN application CN202280037835.7A, patent CN117378174A, status Pending
- 2022-05-24: EP application EP25158401.7A, patent EP4531349A3, status Pending
- 2022-05-24: JP application JP2023572885A, patent JP7503219B2, status Active
- 2022-05-24: KR application KR1020237038019A, patent KR102729406B1, status Active
- 2022-08-31: US application US17/900,721, patent US11924165B2, status Active
Non-Patent Citations (2)
| Title |
|---|
| IVANOV KONSTANTIN: "Containerization with LXC (first 400 pages)", 1 February 2017, PACKT PUBLISHING, ISBN: 978-1-78588-894-6, XP055975390 * |
| JAEHYUN NAM1 ET AL: "BASTION: A Security Enforcement Network Stack for Container Networks", 3 February 2021 (2021-02-03), pages 1 - 24, XP061052797, Retrieved from the Internet <URL:http://www.usenix.org/system/files/atc20-paper166-slides-nam.pdf> * |
Also Published As
| Publication number | Publication date |
|---|---|
| US11924165B2 (en) | 2024-03-05 |
| US11477165B1 (en) | 2022-10-18 |
| US20230008901A1 (en) | 2023-01-12 |
| WO2022251220A1 (fr) | 2022-12-01 |
| EP4352919B1 (fr) | 2025-08-20 |
| KR102817266B1 (ko) | 2025-06-09 |
| EP4352919A1 (fr) | 2024-04-17 |
| KR102729406B1 (ko) | 2024-11-14 |
| EP4352919A4 (fr) | 2024-07-10 |
| KR20230160938A (ko) | 2023-11-24 |
| EP4531349A2 (fr) | 2025-04-02 |
| JP2024522101A (ja) | 2024-06-11 |
| JP7503219B2 (ja) | 2024-06-19 |
| KR20240162598A (ko) | 2024-11-15 |
| CN117378174A (zh) | 2024-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP4531349A3 (fr) | Securing containerized applications | |
| EP4583460A3 (fr) | Classification of unknown network traffic | |
| WO2011081739A3 (fr) | Trustworthy extensible markup language for trustworthy computing and data services | |
| US20150304343A1 (en) | Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment | |
| EP1679852A3 (fr) | Data security in a wireless network | |
| EP1566734A3 (fr) | Method and system for locating a computer configuration problem based on the configurations of other computers | |
| EP2264956A3 (fr) | Method for securing remote access to a private network | |
| DE112020007672T5 (de) | Intra-layer adapter for fifth-generation new radio (5G-NR) communication | |
| EP1435582A3 (fr) | Hash algorithm and policy management | |
| DE102019104531A1 (de) | Anomaly detection in a network area controller | |
| WO2008151925A3 (fr) | Management of computing resources in a distributed computing system | |
| WO2009002597A3 (fr) | Apparatus, system, and method for resilient content acquisition | |
| EP1437657A3 (fr) | System and method for managing software applications | |
| DE102023104842A1 (de) | Application programming interface for indicating a number of radio cells | |
| DE112007000733T5 (de) | Scaling of outgoing network traffic | |
| EP4401376A3 (fr) | Systems, methods and apparatus for implementing persistent management agent (PMA) functions for the control and coordination of DPU and DSLAM components | |
| DE102023104846A1 (de) | Application programming interface for indicating the capabilities of a radio cell with respect to concurrent processing | |
| WO2020076834A8 (fr) | Methods and systems for acquiring and processing data at intelligent edge devices via software kernels | |
| EP3671411A3 (fr) | Location-enabled enhanced augmented reality (AR) system and method for interoperability of AR applications | |
| EP1720112A3 (fr) | Stateful stack inspection for an anti-virus system and an anti-intrusion system | |
| WO2007021764A3 (fr) | Method and system for securing the wireless transmission of an aggregated frame | |
| EP2017719A3 (fr) | Methods and systems for processing a set of print jobs in a print production environment | |
| WO2005008391A3 (fr) | System and method for service level management | |
| WO2023121868A8 (fr) | Split networking and security architecture | |
| DE102023130109A1 (de) | Setting a time window for radio signals | |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PUAI | Public reference made under Article 153(3) EPC to a published international application that has entered the European phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an EP patent application or granted EP patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20250217 |
| | AC | Divisional application: reference to earlier application | Ref document number: 4352919; Country of ref document: EP; Kind code of ref document: P |
| | AK | Designated contracting states | Kind code of ref document: A2; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | PUAL | Search report despatched | Free format text: ORIGINAL CODE: 0009013 |
| | AK | Designated contracting states | Kind code of ref document: A3; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | RIC1 | Information provided on IPC code assigned before grant | Ipc: G06F 9/455 20180101ALI20250512BHEP; Ipc: H04L 9/40 20220101AFI20250512BHEP |